vmr-codeflow-status
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- GitHub CLI Integration: The skill uses the official GitHub CLI (`gh`) to perform repository operations, such as viewing pull requests and searching for historical metadata. This is a standard practice for automating repository maintenance tasks.
- Official Build Infrastructure Access: The included PowerShell script performs network requests to `aka.ms` and `ci.dot.net`. These are well-known, official Microsoft and .NET foundation domains used to retrieve current build freshness and SDK publication status, which is necessary for diagnosing codeflow staleness.
- Maestro Service Interaction: Documentation and scripts reference `maestro.dot.net`, which is the official .NET service for dependency management (Maestro). Interactions are centered around querying build and subscription data to assist developers in synchronization workflows.
- Input Validation: The script includes regex validation for the repository name (e.g., `owner/repo`) and enforces type-casting for PR numbers, reducing the risk of accidental command injection during local execution.
- External Data Ingestion: The skill analyzes data from GitHub PR comments and descriptions to detect merge conflicts and staleness warnings. This processing is informational and helps the agent synthesize recommendations based on the existing state of the PR.
Audit Metadata